x64dbg - An open-source x64/x32 debugger for windows.

  •        82

This is a community effort and we accept pull requests! See the CONTRIBUTING document for more information. If you have any questions you can always contact us or open an issue. You can take a look at the easy issues to get started. You can find an exhaustive list of GitHub contributers here.

http://x64dbg.com
https://github.com/x64dbg/x64dbg

Tags
Implementation
License
Platform

   




Related Projects

xAnalyzer - xAnalyzer plugin for x64dbg

  •    C

xAnalyzer is a plugin for the x86/x64 x64dbg debugger by @mrexodia. This plugin is based on APIInfo Plugin by @mrfearless, although some improvements and additions have been made. xAnalyzer is capable of doing various types of analysis over the static code of the debugged application to give more extra information to the user. This plugin is going to make an extensive API functions call detections to add functions definitions, arguments and data types as well as any other complementary information, something close at what you get with OllyDbg analysis engine, in order to make it even more comprehensible to the user just before starting the debuggin task. Defined and generic functions, arguments, data types and additional debugging info recognition.

capstone - Capstone disassembly/disassembler framework: Core (Arm, Arm64, EVM, M68K, M680X, Mips, PPC, Sparc, SystemZ, TMS320C64x, X86, X86_64, XCore) + bindings (Python, Java, Ocaml, PowerShell, Visual Basic)

  •    C

Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community. Support multiple hardware architectures: ARM, ARM64 (ARMv8), Ethereum VM, M68K, Mips, PPC, Sparc, SystemZ, TMS320C64X, M680X, XCore and X86 (including X86_64).

bap - Binary Analysis Platform

  •    OCaml

The Carnegie Mellon University Binary Analysis Platform (CMU BAP) is a reverse engineering and program analysis platform that works with binary code and doesn't require the source code. BAP supports multiple architectures: ARM, x86, x86-64, PowerPC, and MIPS. BAP disassembles and lifts binary code into the RISC-like BAP Instruction Language (BIL). Program analysis is performed using the BIL representation and is architecture independent in a sense that it will work equally well for all supported architectures. The platform comes with a set of tools, libraries, and plugins. The documentation and tutorial are also available. The main purpose of BAP is to provide a toolkit for implementing automated program analysis. BAP is written in OCaml and it is the preferred language to write analysis, we have bindings to C, Python and Rust. The Primus Framework also provide a Lisp-like DSL for writing program analysis tools. BAP is developed in CMU, Cylab and is sponsored by various grants from the United States Department of Defense, Siemens AG, and the Korea government, see sponsors for more information.

plasma - Plasma is an interactive disassembler for x86/ARM/MIPS

  •    Python

The old project name was Reverse. PLASMA is an interactive disassembler. It can generate a more readable assembly (pseudo code) with colored syntax. You can write scripts with the available Python api (see an example below). The project is still in big development.

RE-for-beginners - "Reverse Engineering for Beginners" free book

  •    TeX

Topics discussed: x86/x64, ARM/ARM64, MIPS, Java/JVM. Compiled versions can be found here: English, Russian, German and French.


zydis - Fast and lightweight x86/x86-64 disassembler library

  •    C

Fast and lightweight x86/x86-64 disassembler library. The following example program uses Zydis to disassemble a given memory buffer and prints the output to the console.

reverse-engineering-reference-manual - collage of reverse engineering topics that I find interesting

  •    Python

NOTE(2): beta? Yes. In the coming months I'm planning on adding more pictures and diagrams to the current content. Plans to add more sections will continue after revamping it. NOTE(3): CI? We all hate broken links. The CI is my attempt to make sure all the external links in this repository are still working. And if any of them is broken, I can easily pinpoint which one and swiftly update it with another relevant link.

ScyllaHide - Fork of ScyllaHide: https://bitbucket.org/NtQuery/scyllahide, Releases:

  •    C++

ScyllaHide is an advanced open-source x64/x86 usermode Anti-Anti-Debug library. It hooks various functions in usermode to hide debugging. This tool is intended to stay in usermode (ring3). If you need kernelmode (ring0) Anti-Anti-Debug please see TitanHide https://github.com/mrexodia/titanhide. PE x64 debugging is fully supported with plugins for x64dbg and IDA.

zyan-disassembler-engine - Fast and lightweight x86/x86-64 disassembler library.

  •    C++

Fast and lightweight x86/x86-64 disassembler library.

Udis86 Disassembler for x86 and x86-64

  •    C

Udis86 is an easy-to-use minimalistic disassembler library for the x86 and x86-64 instruction set architectures. The primary intent of the design and development of udis86 is to aid software development projects that entail binary code analysis.

udis86 - Disassembler Library for x86 and x86-64

  •    C

Disassembler Library for x86 and x86-64

xbyak - a JIT assembler for x86(IA-32)/x64(AMD64, x86-64) MMX/SSE/SSE2/SSE3/SSSE3/SSE4/FPU/AVX/AVX2/AVX-512 by C++ header

  •    C++

This is a header file which enables dynamically to assemble x86(IA32), x64(AMD64, x86-64) mnemonic. header file only you can use Xbyak's functions at once if xbyak.h is included.

Triton - Triton is a Dynamic Binary Analysis (DBA) framework

  •    C++

Triton is a dynamic binary analysis (DBA) framework. It provides internal components like a Dynamic Symbolic Execution (DSE) engine, a Taint engine, AST representations of the x86 and the x86-64 instructions set semantics, SMT simplification passes, an SMT Solver Interface and, the last but not least, Python bindings. Based on these components, you are able to build program analysis tools, automate reverse engineering and perform software verification. As Triton is still a young project, please, don't blame us if it is not yet reliable. Open issues or pull requests are always better than troll =).

rewolf-wow64ext - Helper library for x86 programs that runs under WOW64 layer on x64 versions of Microsoft Windows operating systems

  •    C++

WOW64Ext is a helper library for x86 programs that runs under WOW64 layer on x64 versions of Microsoft Windows operating systems. It enables x86 applications to read, write and enumerate memory of a native x64 applications. There is also possibility to call any x64 function from 64-bits version of NTDLL through a special function called X64Call(). As a bonus, wow64ext.h contains definitions of some structures that might be useful for programs that want to access PEB, TEB, TIB etc.

WinREPL - x86 and x64 assembly "read-eval-print loop" shell for Windows

  •    C++

WinREPL is a "read-eval-print loop" shell on Windows that is useful for testing/learning x86 and x64 assembly. zerosum0x0/WinREPL is similar to yrp604/rappel (Linux) and Tyilo/asm_repl (Mac), but with a slightly different methodology that should allow for tricks such as self-modifying shellcode crypting/encoding. There is also enferex/asrepl for a Unicorn (emulated) version, but WinREPL is completely native inside a Windows process context.

barf-project - BARF : A multiplatform open source Binary Analysis and Reverse engineering Framework

  •    Python

The analysis of binary code is a crucial activity in many areas of the computer sciences and software engineering disciplines ranging from software security and program analysis to reverse engineering. Manual binary analysis is a difficult and time-consuming task and there are software tools that seek to automate or assist human analysts. However, most of these tools have several technical and commercial restrictions that limit access and use by a large portion of the academic and practitioner communities. BARF is an open source binary analysis framework that aims to support a wide range of binary code analysis tasks that are common in the information security discipline. It is a scriptable platform that supports instruction lifting from multiple architectures, binary translation to an intermediate representation, an extensible framework for code analysis plugins and interoperation with external tools such as debuggers, SMT solvers and instrumentation tools. The framework is designed primarily for human-assisted analysis but it can be fully automated. All packages were tested on Ubuntu 16.04 (x86_64).

exrs - Exercises for learning Reverse Engineering and Exploitation.

  •    C

Exercises for learning Reverse Engineering and Exploitation. All binaries for these challenges are ELF 64-bit LSB executable, x86-64.

ScratchABit - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API

  •    Python

ScratchABit is an interactive incremental disassembler with data/control flow analysis capabilities. ScratchABit is dedicated to the efforts of the OpenSource reverse engineering community (reverse engineering to produce OpenSource drivers/firmware for hardware not properly supported by vendors, for hardware and software interoperability, for security research). ScratchABit supports well-known in the community IDAPython API to write disassembly/extension modules.

obfusion - Obfusion - C++ X86 Code Obfuscation Library

  •    C++

This library handles obfuscation of assembled X86 machine code in order to make it harder to read and analyze during the reverse engineering process. Should work very well with obfuscating shellcode that is later embedded with executable files. If shellcode is known to security products, the obfuscation process should make it bypass any signature detection scans.

x86/x86-64 assembler/jitter written in C#

  •    

The project goal is to develop a library for generating machine code irrelatively to machine architecture. Assembler-like C# API is a bonus.